Share this story

MEPs have expressed concern about the many “deficiencies” in the current text of the Privacy Shield data-sharing deal with the US, and urged officials to negotiate a better agreement.

In a non-binding resolution passed by 501 votes to 119 with 31 abstentions on Thursday, politicos urged the European Commission—which is the executive wing of the EU—to address issues such as US authorities’ access to data; the possibility of collecting bulk data in “exceptional cases” contrary to the EU Charter of Fundamental Rights; the independence of a proposed US ombudsperson, and the complexity of the redress system.

The Privacy Shield deal is expected to replace the now defunct Safe Harbour mechanism to allow the transfer of European personal data to the US. Safe Harbour was ruled invalid by the European Court of Justice last October in the Max Schrems case. Many MEPs acknowledged that Privacy Shield was a substantial improvement on the previous system, however gaps opened up between political groups on how to approach it.

Further Reading

During a debate on Wednesday night, Dutch MEP Sophie in 't Veld said that comparisons to Safe Harbour were beside the point: “There is only one yardstick: is this or is this not Schremsproof? It seems to me the commission is prepared to make a decision knowing that it will not stand in court.”

However European People’s Party MEP Axel Voss warned against any attempt to torpedo the finalisation of the Privacy Shield, saying it was essential for European businesses and consumers to have legal certainty.

Green MEP, and the parliament’s resident Mr Privacy, Jan Philipp Albrecht, had argued for a sunset clause after four years, to put pressure on the US government to make more improvements, but this proposal was rejected by other groups. “The parliament does not take its own criticism seriously,” he said. “The grand coalition of conservatives and social-democrats admitted the lack of sufficient protection for the EU data transferred under Privacy Shield, but still rejected a sunset clause.”

Voss said that in his view a sunset clause was not necessary as there is “a strong annual review procedure” that makes the sunset clause redundant. He added that he believes the push for a sunset clause is motivated by a lack of trust in the commission and its ability to lead the discussion.

Joe McNamee, Executive Director of European Digital Rights (EDRi), described the vote to reject a sunset clause as “incomprehensible."

“A sunset clause could have been a means to inspire a meaningful renegotiation,” he said. “This means that the USA will have no incentive to make any concessions. This means that European businesses can have no legal certainty if they rely on this agreement, which is broken by design. The new agreement has no chance of being upheld if challenged at the court."

Albrecht agrees that Privacy Shield does not seem like a viable long-term solution: “It seems highly questionable that this new framework addresses the concerns outlined by the ECJ.”

The commission is not obliged to take parliament’s advice, and is expected to make a final decision on this agreement by end of June.